Research Repository

Healthcare Security Incident Response Strategy - A Proactive Incident Response (IR) Procedure

He, Ying and Maglaras, Leandros and Aliyu, Aliyu and Luo, Cunjin (2022) 'Healthcare Security Incident Response Strategy - A Proactive Incident Response (IR) Procedure.' Security and Communication Networks, 2022. pp. 1-10. ISSN 1939-0114

2775249.pdf - Published Version
Available under License Creative Commons Attribution.

Download (1MB) | Preview


The healthcare information system (HIS) has become a victim of cyberattacks. Traditional ways to handle cyber incidents in healthcare organizations follow a predefined incident response (IR) procedure. However, this procedure is usually reactive, missing the opportunities to foresee danger on the horizon. Cyber threat intelligence (CTI) contains information on emerging attacks and should be ideally utilized to inform the IR procedure. However, current research shows that the IR has not been effectively informed by CTI, especially in healthcare organizations. This paper fills in this gap by proposing a proactive IR response procedure based on the National Institute of Standards and Technology (NIST) IR methodology. This paper then presents the NHS WannaCry case study to demonstrate the use of the proposed IR methodology. We collate cyber security advisories from different CTI sources such as US/UK CERT to protect interconnected systems and devices from Ransomware attacks. This research provides novel insights into the IR in healthcare through embedding CTI advisories into IR processes and concludes that our proposed IR procedure can be used to counteract WannaCry Ransomware using CTI advisories. It has the significance of transforming the way of IR from reactive to proactive using the CTI in healthcare.

Item Type: Article
Divisions: Faculty of Science and Health
Faculty of Science and Health > Computer Science and Electronic Engineering, School of
SWORD Depositor: Elements
Depositing User: Elements
Date Deposited: 28 Feb 2022 12:03
Last Modified: 11 Apr 2022 14:35

Actions (login required)

View Item View Item